feat(scripts): skip themeColor metadata + record 4 hex-clean repos

Scanner refinement:
- Add themeColor: exception. Next.js PWA metadata 'themeColor' is a
  W3C Web App Manifest field that must be a literal hex string;
  CSS custom properties cannot be used. Skipping these is correct.

Baseline regenerated to reflect fixes pushed to:
- learning_ai_talk2obsidian   (1 hex \u2192 0)  commit d20848a
- learning_ai_local_memory_gpt (1 hex \u2192 0)  commit a5def1c
- learning_ai_trails           (1 hex \u2192 0)  commit 10549e6
- learning_ai_local_llms       (2 hex \u2192 0)  commit ca853f1

Total ecosystem hex findings: 465 \u2192 457
4 repos remain at 0 findings: talk2obsidian, local_memory_gpt,
smart_auth, auth_app.

reports/rule-violations-baseline.md

@@ -354,7 +354,7 @@ Severity legend: **critical** = data/security risk · **major** = rule violation
 
 ## `learning_multimodal_memory_agents`
 
-**Counts:** critical=11 · major=100 · minor=32 · total=143
+**Counts:** critical=11 · major=99 · minor=32 · total=142
 
 - **[major]** `mindlyst-native/iosApp/Models/MemoryStore.swift:64` — Swift print():             print("[MemoryStore] Failed to persist items: \(error)")
 - **[major]** `mindlyst-native/iosApp/Models/MemoryStore.swift:76` — Swift print():             print("[MemoryStore] Failed to decode stored items: \(error)")
@@ -430,7 +430,6 @@ Severity legend: **critical** = data/security risk · **major** = rule violation
 - **[major]** `mindlyst-native/web/src/app/palace/page.tsx:28` — Hardcoded hex color: #8B5CF6
 - **[major]** `mindlyst-native/web/src/app/palace/page.tsx:309` — Hardcoded hex color: #fff
 - **[major]** `mindlyst-native/web/src/app/palace/page.tsx:459` — Hardcoded hex color: #6c7c98
-- **[major]** `mindlyst-native/web/src/app/layout.tsx:29` — Hardcoded hex color: #06070A
 - **[major]** `mindlyst-native/web/src/app/api/brain-packs/route.ts:86` — Hardcoded hex color: #5A8CFF
 - **[major]** `mindlyst-native/web/src/app/api/brain-packs/route.ts:87` — Hardcoded hex color: #2EE6D6
 - **[major]** `mindlyst-native/web/src/app/api/brain-packs/route.ts:107` — Hardcoded hex color: #5A8CFF
@@ -529,7 +528,7 @@ Severity legend: **critical** = data/security risk · **major** = rule violation
 
 ## `learning_ai_fastgap`
 
-**Counts:** critical=0 · major=105 · minor=212 · total=317
+**Counts:** critical=0 · major=104 · minor=212 · total=316
 
 - **[major]** `plugins/withAndroidWidget.js:224` — console.log:       console.log(`
 - **[major]** `plugins/withWatchApp.js:59` — console.log:     console.log(`
@@ -537,7 +536,6 @@ Severity legend: **critical** = data/security risk · **major** = rule violation
 - **[major]** `web/src/app/(app)/settings/page.tsx:185` — Hardcoded hex color: #FF6B6B
 - **[major]** `web/src/app/(app)/social/page.tsx:194` — Hardcoded hex color: #888
 - **[major]** `web/src/app/(app)/simulator/page.tsx:265` — Hardcoded hex color: #fff
-- **[major]** `web/src/app/layout.tsx:21` — Hardcoded hex color: #06070A
 - **[major]** `web/src/components/ShareCard.tsx:33` — Hardcoded hex color: #0D1117
 - **[major]** `web/src/components/ShareCard.tsx:34` — Hardcoded hex color: #1A2332
 - **[major]** `web/src/components/ShareCard.tsx:42` — Hardcoded hex color: #5AE68C
@@ -851,10 +849,9 @@ Severity legend: **critical** = data/security risk · **major** = rule violation
 
 ## `learning_ai_jarvis_jr`
 
-**Counts:** critical=0 · major=3 · minor=15 · total=18
+**Counts:** critical=0 · major=2 · minor=15 · total=17
 
 - **[major]** `web/src/app/(app)/dashboard/page.tsx:125` — Hardcoded hex color: #fff
-- **[major]** `web/src/app/layout.tsx:28` — Hardcoded hex color: #06070A
 - **[major]** `backend/src/modules/jarvis-agents/types.ts:55` — Hardcoded hex color: #7C6BFF
 - **[minor]** `web/src/app/(app)/settings/page.tsx:72` — Emoji in code: 🌙
 - **[minor]** `web/src/app/(app)/dashboard/page.tsx:20` — Emoji in code: 🎯
@@ -1019,16 +1016,13 @@ Severity legend: **critical** = data/security risk · **major** = rule violation
 
 ## `learning_ai_trails`
 
-**Counts:** critical=0 · major=1 · minor=1 · total=2
+**Counts:** critical=0 · major=0 · minor=1 · total=1
 
-- **[major]** `web/src/components/Sidebar.tsx:27` — Hardcoded hex color: #fff
 - **[minor]** `web/src/app/(app)/settings/page.tsx:42` — Emoji in code: 🌙
 
 ## `learning_ai_local_memory_gpt`
 
-**Counts:** critical=0 · major=1 · minor=0 · total=1
-
-- **[major]** `web/src/components/Sidebar.tsx:164` — Hardcoded hex color: #fff
+✅ No violations found.
 
 ## `learning_ai_efforise`
 
@@ -1086,17 +1080,13 @@ Severity legend: **critical** = data/security risk · **major** = rule violation
 
 ## `learning_ai_local_llms`
 
-**Counts:** critical=0 · major=2 · minor=1 · total=3
+**Counts:** critical=0 · major=0 · minor=1 · total=1
 
-- **[major]** `dashboard/src/app/(mission-control)/mission-control/page.tsx:2198` — Hardcoded hex color: #fff
-- **[major]** `dashboard/src/app/layout.tsx:16` — Hardcoded hex color: #3b82f6
 - **[minor]** `dashboard/src/app/lib/format.ts:61` — Emoji in code: 👁
 
 ## `learning_ai_talk2obsidian`
 
-**Counts:** critical=0 · major=1 · minor=0 · total=1
-
-- **[major]** `web/src/VoiceCompose.tsx:382` — Hardcoded hex color: #fff
+✅ No violations found.
 
 ## `learning_ai_smart_auth`
 
@@ -1745,12 +1735,12 @@ Severity legend: **critical** = data/security risk · **major** = rule violation
 
 | Rule | Total findings |
 |------|----------------|
-| `web-hardcoded-hex` | 465 |
 | `b7-emoji-in-code` | 465 |
+| `web-hardcoded-hex` | 457 |
 | `b4-python-print` | 351 |
 | `ts-any-type` | 249 |
 | `b4-console-log` | 93 |
 | `b5-hardcoded-product-id` | 13 |
 | `b4-swift-print` | 7 |
 
-**Grand total: 1643 findings across 19 repos.**
+**Grand total: 1635 findings across 19 repos.**

scripts/check-rule-violations.sh

@@ -251,6 +251,8 @@ scan_web_hardcoded_hex() {
     [[ "$content" =~ var\(--[a-zA-Z0-9_-]+ ]] && continue
     # Skip comment lines (// or /* or *).
     [[ "$content" =~ ^[[:space:]]*(//|\*|/\*) ]] && continue
+    # Skip Next.js PWA themeColor metadata (must be literal hex per spec).
+    [[ "$content" =~ themeColor[[:space:]]*: ]] && continue
     # Extract just the hex match for evidence.
     local match
     match=$(echo "$content" | grep -oE '#[0-9a-fA-F]{6}\b|#[0-9a-fA-F]{3}\b' | head -1)